Methods and systems for protecting website forms from automated access

ABSTRACT

Systems and methods to tell apart computers and humans using image recognition task having a dynamic graphical arrangement of randomly selected images. The images can be arranged as a grid or matrix for presentation on a device display for authentication of a user as human. The kinds of graphical images can be derived from a selected category for the image recognition task. A series of randomly generated access codes corresponding to the images can be displayed with the images. The user may enter the access codes corresponding to images from the selected category. An authentication server can compare the access code entry to an authentication reference code corresponding to the particular arrangement of images. The selection of images, their arrangement and their corresponding access codes, may dynamically change in between verification sessions.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a divisional of U.S. patent application Ser. No.12/332,266 entitled “Methods and Systems for Protecting Website Formsfrom Automated Access” and filed on Dec. 10, 2008, the disclosure ofwhich is incorporated by reference in its entirety.

FIELD OF THE INVENTION

The present invention is directed to a method and system of tellingapart a human from a computer. In particular, the present invention isdirected to a graphical image verification system.

BACKGROUND OF THE INVENTION

The present invention is directed to a method for generating acompletely automated test to tell computers and humans apart. The methodcomprises generating a dynamic graphical arrangement of images. Thedynamic graphical arrangement comprises at least one randomly selectedimage from a selected category chosen for an image recognition task andat least one image not from the selected category. Each image of thedynamic graphical arrangement comprises a unique and randomly generatedaccess code. The dynamic graphical arrangement of images is presented tothe user and the image recognition task is communicated to the user. Aninput is received from the user access device. The input comprises theunique randomly generated access code corresponding to the at least oneimage from the selected category. The input from the user access deviceis verified to an authenticating reference code to determine the user isa human and not a computer.

The present invention is further directed to a method for selectivelyaccepting access requests from a client computer connected to a servercomputer by a network. The method comprises receiving an access requestfrom the client computer at an authentication server. The authenticationserver generates a dynamic graphical arrangement of images in responseto the access request. The dynamic graphical arrangement of imagescomprises at least one randomly selected image from a selected categorychosen for an image recognition task and at least one image not from theselected category. The dynamic graphical arrangement of images ispresented on an output device of the client computer. The user isinstructed to select images from the selected category to generate aninput. The input from the client computer is transmitted to theauthentication server. The input comprises a user selection of at leastone image. The access request is accepted if the user selection of theat least one image corresponds to the image chosen from the selectedcategory and otherwise denying the access request.

Further still, the present invention is directed to a method in acomputing system for providing secure transactions. The method comprisesreceiving a request to perform a transaction from a user and creating atransaction verification page comprising information regarding thetransaction. The transaction verification page comprises a dynamicgraphical arrangement of images and requests the user to select at leastone image from a selected category of images chosen for an imagerecognition task to commit the transaction. The transaction verificationpage is transmitted to the client. Next, an image selection is receivedfrom the client. The image selection is input to the transactionverification page by the user. In response to the image selectionmatching the image displayed on the transaction verification page fromthe selected category, the transaction represented by the transactionverification page is committed and in response to the image selectioninput not matching the image displayed on the transaction verificationpage from the selected category, transaction represented by thetransaction verification page is aborted.

The present invention is also directed to a computer system forselectively accepting access requests from an access device connected toa server computer by a network. The computer system comprises a memoryand a processor to execute instructions stored in the memory. The memorystores instructions to receive an access request from the access device,generate a dynamic graphical arrangement of images in response to theaccess request, present the dynamic graphical arrangement of images onan output device of the access device, instruct a user to select eachimage from the chosen category, and receive an input from the accessdevice. The dynamic graphical arrangement of images comprises at leastone randomly selected image from at least one selected category chosenfor an image recognition task. The input comprises a user selection ofat least one image from the at least one selected category. The accessrequest is accepted if the input from the access device corresponds tothe images from the selected category chosen for the image recognitiontask and otherwise denies the access request.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates an example of a dynamic graphical arrangement of thepresent invention.

FIG. 2 shows a display device for presenting the dynamic graphicalarrangement of FIG. 1 to a user.

FIGS. 3A and 3B are flowcharts describing a method for generating acompletely automated test comprising the dynamic graphical arrangementof FIG. 1 to tell computers and humans apart.

FIG. 4 is an illustration of client/server architecture for generating acompletely automated test comprising the dynamic graphical arrangementof FIG. 1 to tell computers and humans apart over the Internet.

DETAILED DESCRIPTION OF THE INVENTION

The present invention provides a system and method to tell apart a humanfrom a computer using a test generally known as a Completely AutomatedPublic test to Tell Computers and Humans Apart (hereinafter “CAPTCHA”).Websites, and in particular web-based forms, are often the target ofmalicious programs designed to register for service on a large scale,consume large amounts of resources or bias results in on-line polls orvoting. In response to these malicious programs CAPTCHA-based test havebeen developed in an attempt to discern between a human's attempt toaccess a website and automated access to a website.

CAPTCHA tests attempt to require a user to correctly answer a questionwhich only a human could provide a correct answer. Most current CAPTCHAtests are text based and require the user to interpret and input adistorted piece of test presented to the user. However, userfriendliness is lacking and automated attacks are not eliminated bycurrent CAPTHCA tests. Thus, there remains a need for improved systemsand methods to tell apart a human from a computer when allowing accessto a website.

Computer networks, particularly those with global reach such as theInternet, have greatly influenced the way that individuals, companiesand institutions conduct transactions, and store and retrieve documents,images, music, and video. Convenience, ease of use, speed, and lowoverhead costs are contributing factors to the widespread use of theInternet for purchasing goods as well as conducting transactions. Entireindustries have emerged as a result of the evolution of the Internet.

Securing access to many computer systems or computer networks generallyrequires the user to register a user identity and create a profile withthe provider's website. Further, many websites are established orfunction to collect information from Internet users via a poll, messageboard, or comment application. These websites allow users to add contentto the website and are therefore often susceptible to attack byautomated programs. Therefore, there is an ongoing need for CAPTCHAsolutions to protect such websites from automated programs.

The present invention provides a method and system for an improvedCAPTCHA test which requires users to select randomly generated imagesfrom a dynamic graphical arrangement of images. The images the user mustselect are based on selected categories selected by the verificationservice provider.

Referring now to the Figures and specifically to FIG. 1, there is showntherein an embodiment of the CAPTCHA-like test of the present invention.FIG. 1 shows a dynamic graphical arrangement comprising a plurality ofimages arranged in a three by three grid. Each of the images showntherein comprises a unique randomly generated access code superimposedover or onto the image. As shown in FIG. 1, the access code may comprisean alphanumeric character. CAPTCHA techniques could be employed toobfuscate the access code so that it is not machine-readable.

As shown on FIG. 1, the cells of dynamic graphical arrangement maydisplay a variety of images from different categories. The location ofthe images in the grid is randomized. The specific image for eachcategory is chosen from a database of images for that specific category.Accordingly, the dynamic graphical arrangement may comprise at least onerandomly selected image from a category selected for an imagerecognition task and at least one image not from the selected category.As discussed hereinafter the selected category may be both determined bythe test service provider or the web site and communicated to the useron a transaction verification page (FIG. 4).

One skilled in the art will appreciate that the dynamic graphicalarrangement may comprise a plurality of images from the selectedcategory and several images not from the selected category yet also fromseveral different categories. Additionally, the dynamic graphicalarrangement presented to the user may comprise one or more images knownto belong to the selected category, one or more images known not tobelong in the selected category and one or more images suspected tobelong in the selected category. In such situation, the user is stillgranted access to the website upon successfully selecting the imagesknown to belong to the selected category and avoiding selection of theimages known to not belong, and provides the service provider with aninterpretation as to the proper category for the images suspected tobelong to the selected category. Thus, the system and method of thepresent invention provides an automated way of learning how tocategorize images based upon human feedback via the user input.

The images presented the user in the dynamic graphical arrangement mayalso comprise advertisements. The image selected to be displayed may bebased on the websites, the advertisement campaigns, and otherparameters. When the user places the cursor over the advertisementimage, additional information and links about the advertisement may beprovided (which could otherwise be displayed automatically withoutcursor movement by the user). Additionally, the advertisement image maycomprise a hyperlink to the advertiser's website. If the user chooses tofollow the hyperlink, the destination of the hyperlink may open a newwindow with the advertiser's website displayed therein. When the userfinishes browsing the advertisement website, the user will return to thedynamic graphical arrangement and continue its attempt to access thedesired website. The user would not need to reenter any informationpreviously entered to allow the user to view the transactionverification page after viewing an advertisement link. Alternatively,the system may require the user to reenter its information after viewingan advertisement link after predetermined amount of time has passed forsecurity purposes. When the user finishes viewing the advertisementlink, the graphical arrangement is refreshed and displayed again.

While a series of one or more graphical images within a presentedgraphical arrangement can be dynamically altered in between accessattempts, the selected category can remain the same from the perspectiveof the user.

Turning now to FIG. 2, one or more images such as icons can be displayedto a user on a display device 10 according to a predeterminedarrangement or pattern. For each displayed image (12, 14, 16, and 18)within a graphical arrangement 20, there may be a corresponding accesscode (AC1, AC2, AC3, AC4 . . . ) shown to the user. The series of one ormore access codes can be therefore entered by the user as a response tothe test for that particular access session. However, the same accesscode may not work for subsequent access sessions in accordance with apreferable embodiment of the invention. Rather the selection of theimages themselves, their arrangement or location within a pattern, andtheir corresponding access codes are preferably different each time inorder to create a dynamic one-time graphical user test. It shall beunderstood that as with other embodiments of the invention herein, eachor all of these properties are not required to be dynamic and may bestatic (the same) instead during or in between access sessions.

The series of one or more images and corresponding access codes thatmake-up the dynamic access codes are preferably changed between eachauthentication processes. However, the selected category of images mayremain the same or changed by the service provider per access session.

The selected category and non-selected categories of graphical imagesare not limited to particular objects only but can include any varietyof themes or topics. This allows a wide variety of categories. Theimages (12 a, 12 b, 12 c, 12 d) of FIG. 1 are presented to the user andmay be displayed on a Web enabled computer or mobile device. It shall befurther understood that the one or more images may be organized in aselected arrangement such as a series of rows and columns (matrix),arrays or any other pattern within a display image.

The display device 10 illustrated in FIG. 2 may receive information torender a dynamic graphical arrangement in the form of a transactionverification page. The graphical arrangement may comprise two images andtwo corresponding access codes. Image 1 (12 a) may comprise an image ofan automobile, while images 2-4 may comprise images from variouscategories not selected for the image identification task. In addition,image 1 may include and display a corresponding access code AC1comprising an alphanumeric character such as the letter “A” and images2-4 may include and display corresponding access codes that are theletter “X, Y, and Z.” The system may display instructions 22 to the userrequiring them to select all images of automobiles displayed on theuser's device. The user would input the letter “A” or alternatively mayclick the image of the automobile to generate an input from the usercomprising the unique randomly generated access code corresponding tothe at least one image from the selected category. An authenticationserver system (not shown) connected to the display device via a networkcan compare the selected access codes against an authenticatingreference code to confirm the user is a human and not a computer.Preferable embodiments of the invention would render different images tothe user within a selected category, a different selected category ordifferent access codes (alphanumeric characters, symbols) each time thewebsite or form fill page is accessed

Another embodiment of the invention may capitalize on the focus andattention of users during the testing process for advertising andmarketing purposes. For example, as shown in FIG. 2, a dynamic graphicalarrangement grid may be displayed wherein the images compriseadvertisements or messages paid by sponsors or advertisers. As part ofan advertisement (ad) campaigns for a company, one or moreadvertisements can be introduced into the systems and methods describedherein. Such advertisements or sponsored messages can serve thedual-purpose of verifying the user is human and generating advertisingrevenue. The advertisements or messages themselves can function as theimages viewed by users which fall into selected and non-selectedcategories. While user attention may be greater for advertisementsrelating to a selected category for the user, advertisements relating tonon-selected categories are also valuable as they too are displayed.

A dynamic image grid as shown in FIG. 2 may include a selectedarrangement of advertisements (ads) that may be rendered during eachverification process for different users. The arrangement may includeany number of ads displayed for viewing, but a preferable embodiment ofthe invention may have nine (9) image ads arranged in a 3×3 grid eachhaving a corresponding access code (AC). Because of the wide range ofavailable categories for carrying out the invention, each categorypresents advertising opportunities within many different channels. Forexample, a category may be selected such as automobiles. Images 2 and 3(12 bm 12 c) may thus include ads for cars sold by a car manufacturerand images 1 and 4 (12 a and 12 d) may include ads for bottles of winesold by a wine maker. Upon presentation of the dynamic graphicalarrangement, a user is instructed to select images from the selectedcategory assigned for the access session and to type or enter within anaccess code field 24 the characters displayed for images from theselected category. One skilled in the art will appreciate the user maybe instructed to select images from more than one selected categorywithout departing from the spirit of the invention.

It shall be understood that ads or images herein may fall within one ormore categories available as a way to verify a human. Ads or graphicalimages can be also displayed more often within regularly scheduleddisplay cycles even if they are within non-selected categories. The adsor images that are selected for display within an arrangement maynevertheless capture the attention of users even if they do notnecessarily fall within a selected category since images or ads fornon-selected categories are also displayed.

FIGS. 3A and 3B are flow diagrams describing an embodiment of the systemand method of the present invention. At Step 100 a plurality of imagesmay be stored within a database or a computer memory that correspond toone or more available categories. From the numerous availablecategories, the system may designate a selected category from theplurality of categories to verify the user is human (Step 102). Inresponse to an attempt to access a website or web-based form, a dynamicgraphical image arrangement may be generated by a server systemcontaining at least one graphical image, and at least one correspondingaccess code (Step 104). For example, a random access code generator mayconstruct an authenticating reference code for an access session, suchas “A7.” Each character or digit within the access code may be assignedas the image identifier (or part thereof) to preselected images fallingwith the selected category. A series of other images from non-selectedcategories may be also assigned access codes to fill-out thearrangement. The server system may be instructed to randomly select (ornot) the pattern in which to present the graphical images to the user(Step 1 06). The graphical images falling within the selected categorymay be randomly (or not) positioned (Step 108) within the arrangement,and their corresponding access codes also displayed. Furthermore, thegraphical images from non-selected categories can be randomly (or not)positioned within remaining portions of the arrangement (Step 110). Forexample, two (2) graphical images of one or more cars can be displayedas part of a selected category of automobiles, each having acorresponding image identifier “A,” and “7.” In an embodiment of theinvention where a 2×2 image grid is provided (4 images total), two (2)images from non-selected categories are displayed to fill-out thearrangement which preferably have nothing to do with automobiles. Theaccess code information and associated data for the generatedarrangement is then stored by the server system in a memory. Thearrangement or layout of the images, the images themselves, and thecharacters of the displayed access codes, are preferably differentbetween access sessions. Alternatively, any or all of these propertiesmay remain the same (static) in between access sessions.

During an access session, the arrangement of dynamic graphical imagescan be delivered and presented to a user on a display device or displaywithin the client system upon receipt of an access request (Step 112).The user is instructed to select images from the selected category bytyping the access codes corresponding to the images from the selectedcategorie(s) (Step 114). The client system receives the input from theuser, and transmits it to the server system (Step 116), which comparesthe access codes to the stored authenticating reference code (e.g., A7)(Step 118). When the user input matches the authentication referencecode stored in the server system, authentication can be completed andaccess granted (Step 120) to the requested resource or website. Whenimage identifier information or a password does not match theauthentication reference code, then access is denied. As with otherembodiments of the invention, a user may be also permitted apredetermined number of attempts before account lock-out or any otheradministrative action is instituted such as the implementation ofnetwork security measures indicating the possibility of an automatedattack (Step 122).

FIG. 4 illustrates a system provided in accordance with the presentinvention. A server system may include or be configured as a server 40that generates the dynamic graphical arrangement 42 of images eachassociated with an access code for display on a user device 43. Thearrangement 42 may include one or more images 44 from one or moreselected categories (see FIG. 3), plus one or more images from thenon-selected category. Thereafter the arrangement 42 may be sent to theuser device 43 for display on a display device 46. The user may selector input the access codes corresponding to the images selected withinthe arrangement 44. Selected access codes may then be communicated bythe user device 43 to the server system 40. The server system 40 cancompare (Comparator 48) the user selected access codes relative to anauthenticating reference code, and further analyze related informationwith any other associated data that may be stored in a memory within theserver system 40. Upon the correct entry of the one or more accesscodes, which matches the authenticating reference code, verification ofthe user as human can be completed.

The systems provided herein may also include a service provider server50 with which a first user interacts in an attempt to gain access toinformation or services provided thereby.

The server 40 (system) may control access to a resource, a database orfile system, or a private communication channel. The server 40 may alsoinclude a computer readable memory 52, the comparator 48 and acommunications interface such as a modem or network adapter (not shown)with appropriate software drivers that support communication with thewebsite provider 50 via the Internet. The server system may furtherinclude a secured network, file systems or resources and informationstored in databases as described elsewhere herein. The databases maycontain one or more libraries of images or icons that can be displayedfor verifying the user is human and other purposes (e.g., advertising).The server system 40 may also include numerous devices such as fileservers (Web site servers), authentication servers, password databases,repositories or databases of images or icons that may be identified aspart of selected and non-selected categories.

The memory device 52 in the server system may store informationregarding the relationship between the images and access codes displayedto a user during an access session. A memory look-up table can be usedto store this information for mapping this information. The memory maybe implemented using random access memory (“RAM”), flash memory, diskdrives or any other rewritable memory technology. In some applications,the memory may also be implemented using non-rewritable memory such asread only memory (“ROM”) chips.

The user access device may include various devices such as a desktop orlaptop computer, a PDA, an ATM, or any device capable of displayingimages having a key entry pad keyboard, or other device for selectingimages from the selected category. The user access device preferablyincludes an input device 54, the display device 56 and an appropriatecommunications interface (not shown) which allows data from the inputdevice to be transmitted to the server system and/or service provider50. The communications interface might include a modem, network adapter,radio transmitter/receiver, or other such communications devices, alongwith appropriate software. The display device 56 may be any type ofdisplay capable of displaying various images, such as computer monitorsand flat panel displays.

Furthermore, the user access device 43 and server systems 40 cancommunicate over a variety of telecommunication systems includingwireless networks. The telecommunications system may also include avariety of data communications systems generally known in the art suchas a LAN, a WAN, a wireless system such as cellular, satellite andpersonal communications services (“PCS”) systems, or a dedicated line orconnection. In this regard, it is noted that the references to serverside and client side herein do not require a direct communicationtherebetween and intermediate computers may be present. Moreover, acomputer acting as a server could transmit information to anintermediate computer which could then transmit the information toanother computer where the user enters data.

As shown in FIG. 4, a user may select an access device 43 on which toaccess a resource or information stored on the service provider server50. In one embodiment of the present invention the user may beidentified by the server system 40 with an account identifier, name orother user identification information. In this case when the serversystem 40 determines the user is a recognized user, it can generate adisplay image 42 including an arrangement of dynamic graphicalarrangement of images 44 arranged for presentation on the display device43.

As with other embodiments of the invention, the server 40 may generatethe display image by selecting images based a selected category.Alternatively, the display image may be pre-generated or displayedaccording to a pre-established routine or computer program, and storedin a database system. The display image 42 and dynamic graphicalarrangement may be implemented as a bit mapped image, a raster image orin any other suitable image file format.

The dynamic graphical arrangement 44 may also include access codescorresponding to each of the images displayed. The user may input theaccess codes corresponding to images from the selected category.

The user enters on the input device 54 the access codes and communicatesthe input to the server system 40. The server system 40 may utilize thecomparator 48 to compare the selected access codes with reference accesscodes as described elsewhere herein. The comparator 48 in the serversystem 40 can compare the one or more access codes entered by the userto reference access codes to determine whether they correspond to eachother and match. If so, the user will be allowed appropriate access tothe service provider's server and/or website 50. It shall be understoodthat the comparator, and other components to the aforementionedclient/server systems implemented in any of the authentication systemsand methods herein, may incorporate software using techniques known inthe prior art.

Many embodiments of the invention can provide dynamic graphicalarrangements that can be incorporated into existing authentication andhuman verification system for preventing unauthorized or automatedaccess. Because cyber crimes often begin with unauthorized users gainingaccess to accounts to online accounts and applications, concepts of theinvention herein can also be implemented to create a first line ofdefense that provides stronger user authentication. Various embodimentsof the invention may be used with security protocols to provide securelogin routines for user authentication that are effective against manyprevalent forms of hacking, including historic threats like phishing, aswell as new and growing threats like brute-force attacks, keystrokelogging, and man-in-the-middle (MITM) spying. Additional embodiments ofthe invention can be modified for a variety of applications includingnetwork login, virtual private network (VPN) access, and web-basedapplications and Web sites.

It should be understood from the foregoing that, while particularimplementations have been illustrated and described, variousmodifications can be made thereto and are contemplated herein. It isalso not intended that the invention be limited by the specific examplesprovided within the specification. While the invention has beendescribed with reference to the aforementioned specification, thedescriptions and illustrations of the preferable embodiments herein arenot meant to be construed in a limiting sense. These are described asexamples in relation to the drawings attached hereto and furthermodifications, apart from those shown or suggested herein, may be madewithin the spirit and scope of the invention. Furthermore, it shall beunderstood that all aspects of the invention are not limited to thespecific configurations set forth herein which depend upon a variety ofconditions and variables. Various modifications in form and detail ofthe embodiments of the invention will be apparent to a person skilled inthe art. It is therefore contemplated that the invention shall alsocover any such modifications, variations and equivalents.

We claim:
 1. A method in a computing system for providing securetransactions, the method comprising: receiving from a client a requestto perform a transaction; creating a transaction verification pagecomprising information regarding the transaction, the transactionverification page comprising a dynamic graphical arrangement of randomlyselected images, the transaction verification page requesting the userto select at least one image from a selected category of images chosenfor an image recognition task to commit the transaction; transmittingthe transaction verification page to the client; receiving an imageselection from the client, the image selection being input to thetransaction verification page by the user; in response to the imageselection matching the randomly selected image from the selectedcategory, committing the transaction represented by the transactionverification page; and in response to the image selection not matchingthe randomly selected image from the selected category, aborting thetransaction represented by the transaction verification page.
 2. Themethod of claim 1 further comprising maintaining a plurality of userrecords, each user record comprising an account identifier and a clientdevice identifier, wherein the request to perform a transactioncomprises the user's account identifier and client device identifier andidentifying the user requesting the transaction from input of theaccount identifier and receipt of the client device identifier.
 3. Themethod of claim 1 wherein the transaction verification page furthercomprises at least one advertisement having a hyperlink to an advertiserwebsite.
 4. The method of claim 3 wherein the advertisement comprises atleast one of the plurality of randomly selected images from the dynamicgraphical arrangement of images.
 5. The method of claim 1 wherein thedynamic graphical arrangement of randomly selected images comprises agrid of at least four images wherein at least one image is from theselected category.
 6. The method of claim 5 wherein a first image of theplurality of randomly selected images is from a first selected categoryand wherein a second image is from a second selected category.
 7. Themethod of claim 1 wherein the image selection comprises pointing to andclicking the image from the selected category.
 8. The method of claim 1wherein the image selection comprises input of a randomly generated andrandomly assigned access code associated with the at least one imagefrom the selected category.
 9. The method of claim 1 wherein at leasttwo of the plurality of randomly selected images are from the selectedcategory and wherein the image selection comprises input of a firstrandomly generated and randomly assigned access code associated with afirst image from the selected category and a second randomly generatedand randomly assigned access code different from the first access codeand associated with a second image from the selected category.
 10. Acomputer system for selectively accepting access requests from an accessdevice connected to a server computer by a network, the computer systemcomprising: a memory and a processor to execute instructions stored inthe memory, wherein the memory stores instructions to: receive an accessrequest from the access device; generate a dynamic graphical arrangementof randomly selected images in response to the access request, whereinthe dynamic graphical arrangement of randomly selected images comprisesat least one image from at least one selected category chosen for animage recognition task; present the dynamic graphical arrangement ofimages on an output device of the access device; instruct a user toselect each image from the chosen category; receive an input from theaccess device, the input comprising user selection of at least one imagefrom the at least one selected category; and accept the access requestif the input from the access device corresponds to the images from theselected category chosen for the image recognition task and otherwisedenying the access request.
 11. A method for providing an automated testto tell computers and humans apart comprising: receiving a dynamicgraphical arrangement of images in response to an access request, thedynamic graphical arrangement comprising at least one image from aselected image category chosen for an image recognition task and atleast one image not from the selected image category, wherein the imagerecognition task comprises an instruction to select an imagecorresponding to the selected image category from the dynamic graphicalarrangement of images; receiving the image recognition task;transmitting an input comprising identification of an image selected bya user; and receiving an indication that the access request has beengranted or denied based on a comparison of the image selected by theuser to the at least one image from the selected image category.